Jimbos Protocol, an Arbitrum-based altcoin project, succumbed to a $7.5 million hack attack. The autopsy report shows that the vulnerability is due to a lack of liquidity shift operations.
Jimbos Protocol loses $7.5 million worth of altcoins
Blockchain security firm PeckShield reports that Jimbos Protocol has lost 4,000 ETH worth approximately $7.5 million. According to the autopsy report, the hack resulted from the protocol’s lack of slip control in liquidity shift operations. Hackers thus exploited the protocol’s functions to their advantage.
The successful hack involved manipulating the price range by taking advantage of the liquidity invested by the protocol. This vulnerability allowed attackers to perform reverse trades. Thus, they profited from the uneven price range caused by the uneven investment of the liquidity of the protocol.
It appears today's @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
— PeckShield Inc. (@peckshield) May 28, 2023
PeckShield also provided a trace stream of the hacking process. Attackers took advantage of the lack of slip control in the liquidity conversion process. By exploiting this vulnerability, they were able to reverse the swap order and gain illegal profits.
It is worth noting that the Jimbos Protocol was only launched in mid-May and was only 20 days old at the time of the attack. The protocol had announced plans to introduce new test measures to address liquidity and token price volatility concerns. However, it turns out that the mechanisms of the protocol are not yet fully developed. This opens a logical loophole that facilitates the attack.
JIMBO price is in free fall
As a result of the hack, the platform’s native token JIMBO suffered a significant 40% drop in value. PeckShield reports that the attackers pulled 4,090 ETH from the Arbitrum network and then used bridges like Stargate and Celer Network to convert around 4,048 ETH to the Ethereum network.
Meanwhile, the Jimbos Protocol team reports that they are working on security vulnerabilities. According to the most recent announcements, “We are aware of the abuse regarding our protocol and are in active communication with law enforcement and security professionals. We will publish more information when possible.”
We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals.
We will release further information when possible.
— Jimbos Protocol (v2, soon) (@jimbosprotocol) May 28, 2023
This event contributes to a number of recent DeFi protocol attacks and exploits in the crypto market. Reports indicated a decrease in the frequency of such attacks compared to previous years. However, the community is still witnessing a few events lately.
For example, earlier this month, the 0VIX protocol suffered a flash loan attack that resulted in a loss of approximately $2 million. Additionally, Tornado Cash was the victim of an administrative takeover and saw a significant amount of TORN withdraw. cryptocoin.comWe have included the details in this article.
Conclusion
The security breaches highlight the importance of robust security measures and comprehensive protocol development in the DeFi ecosystem. Developers and security experts must collaborate to identify and address vulnerabilities to protect users’ funds and maintain the trust of the crypto community.
